CVE-2021-32582

Опубликовано: 17 июн. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in ConnectWise Automate before 2021.5. A blind SQL injection vulnerability exists in core agent inventory communication that can enable an attacker to extract database information or administrative credentials from an instance via crafted monitor status responses.

Ссылки

https://home.connectwise.com/securityBulletin/609a9dd75cb8450001e85369
Permissions Required
Vendor Advisory
https://www.connectwise.com/company/trust/security-bulletins
Vendor Advisory
https://www.connectwise.com/platform/unified-management/automate
Product
https://home.connectwise.com/securityBulletin/609a9dd75cb8450001e85369
Permissions Required
Vendor Advisory
https://www.connectwise.com/company/trust/security-bulletins
Vendor Advisory
https://www.connectwise.com/platform/unified-management/automate
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:connectwise:connectwise_automate:*:*:*:*:*:*:*:*

Версия до 2021.5 (исключая)

EPSS

Процентиль: 61%

0.00418

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-q5v7-h3m6-ch7h

github

больше 3 лет назад